P. 1
computer security

computer security

|Views: 140|Likes:
Published by Shahid Shahidullah

More info:

Published by: Shahid Shahidullah on Jan 25, 2011
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as DOC, PDF, TXT or read online from Scribd
See more
See less

01/25/2011

pdf

text

original

Secure online business: Exploring the security threats to e-commerce

Vinod Prakash[1], Chander Kant[2], Satinder Bal Gupta[3] [1], [3] Department of CSE, Vaish College of Engg. Rohtak [2] Department of Computer Science and Applications, K.U. Kurukshetra v_bhadrecha@rediffmail.com, ckverma@rediffmail.com, satinder_bal@yahoo.com
Abstract: E-commerce has become a critical component in any business competitive strategy. Organizations are gaining opportunities and benefits such as global presence and improved competitiveness from web-based e-commerce. In this study, we discuss the various models of e-commerce and the need of secure e-commerce transitions. Further we study the different models and methods available for secure e-commerce and Internet risk management system. Key-words: E-Commerce, CIA Triad model, Internet Risk management. 1.Introduction: E-commerce provides an important medium for doing business on global based. E-commerce is the electronic automation of business process. Ecommerce has become a dynamic force, changing all kinds of business operations world-wide. The related concept and business practices not only influence communication, the routines of daily life and personal relationships, they represent opportunities for initiating new international and domestic business ventures [1]. There are a lot of challenges that have faced by e-commerce. Making of secure transaction on Internet, is really a hard task due to globalization of business through Internet and loopholes that we left remain when making transactions online. E-commerce has become a critical component in any business competitive strategy. Organizations are gaining opportunities and benefits such as global presence and improved competitiveness from webbased e-commerce [2]. By doing online business, it is a facility of reaching to everyone. Exploring the opportunities challenges conventional notions of business competition through electronic flows of information and money [6]. Payment on Internet or network is a critical important chain of whole ecommerce, which contains the payment activity. However, though massive manpower and financing are injected into the research of ensuring the safely topic of payment on Internet and E-commerce, yet still many safety problems of financial transaction of E-commerce exists which need to be improved [7]. E-commerce, a subset of e-business, is about the sale and purchase of goods and services by electronic means, particularly over the Internet [4]. On Internet, new forms of currency are using to support electronic payment. Some payment systems involve supporting the existing infrastructure for credit and debit transactions, while other evolving payment system provides payment by means of digital currency [3]. E-commerce is only cannot be defined as doing business or commercial transactions over Internet but it establishes the trust among customers and make a fear-free platform on which a customer can make transactions. It ensures customer for a secure and reliable business transactions. The Internet and e-business are complementary events linked with the progression of related technology [4].

1

2. capture and [5]. B2C become more effective and reliable to consumer. more efficiency. low 3. 3. Though consumer continues to experiment online. Customer feels more trust on making transactions online. Overcoming to these barriers. The general idea is. Hackers seem any target to data repositories due to availability of data on a single place. companies This model and provides exciting web-based business technologies for all sizes of companies. Other consumers access the site and place bids on the items.bandwidth. 2. E-commerce models: Basically in the broad terms. Security on each connection requires a deep sight. a major barrier to C2C e-commerce is likely to be a lack of trust in the seller [8].3 Consumer-to-Consumer (C2C) model: This type of e-commerce is usually a form of an auction site. The site then provides a connection between the seller and buyer to complete the transaction. Companies of all sizes and types are mutually buying and selling products and services on the Internet. 2. more advertising exposure. In traditional commerce money flows by hands of customer and merchant but in electronic commerce means flow of money electronic by using various electronic payment methods. new markets and new physical territories equate to an intelligent method of mutual business. Secure data and money transfer must be there.1 Business-to-Business (B2B) model: Business-to-Business form of e-commerce.3 Lack of forensic evidence: The lack of forensic evidence in computer makes detection. It is basically a concept of online marketing and distributing of products and services over the Internet. 3.2 Business-to-Consumer (B2C) model: Business-to-Consumer form of e-commerce now comes out of its infancy stage. Although consumer and merchant are not face-to-face meet but consumer have more options and have more solutions online. Need of secure e-commerce: There are several reasons why electronic commerce must have stronger requirement on security than traditional form of commerce [12].2 Data repository: Storage of sensitive data in repositories or databases makes e-commerce system ideal target [10]. and make more sales while spending less to do it that would the formula of success for implementing a B2C e-commerce infrastructure [14]. 3. uncertainty. if you could reach more customers. is experiencing an explosive growth rate on Internet. less overhead expenses. B2B also offers unique benefits such as less human intervention. Given an individual’s lack of knowledge about others selling online as well as the fact that a significant amount of money may be involved in a transaction. there are two types of commerce: traditional commerce and electronic commerce [4]. consumer protection and network access 2. service them better.1 Internetworking of computer systems: Online business has a lot of computer that are interconnected to perform business transactions. fewer inadvertent errors. The consumer lists items for sale with a commercial auction site. This offers dynamic opportunities [5]. It is a natural progression for many retailers or marketer who sells directly to the consumer. privacy. It is a win-win situation for both buyer and seller [14]. The site provider usually charges a transaction cost. C2C refers a situation where both the seller and the buyer are consumer in an online transaction [4]. business-related barriers must still be overcome-security. 2 .

informative and available in timely manner [13]. With the facility of internetworking of system. Classification of private and sensitive data and information must be made and should not be disclosed. accurate and reliable information is essential for online business on the Internet. 3. Including these. The major concern must be over the security for make a safe guard for online transactions. Information can be hacked from an insecure network and easily modified in a unexpected way. E-commerce barriers: There are a lot of factors that prevents our move towards e-commerce. Some of them are [9]: . interactions. there are some more factors that needed in security such as: (a) authorization (b) authentication and (c) non-repudiation. Regular auditing of system is essential for secure transactions.Human resource issues. integrity and availability on the Internet are the basic security concepts [11]. Privacy ensures that customer’s data collected from their electronic transactions are protected from indecent and unauthorized disclosure [2]. Integrity ensures that if the context of a message is altered. Security concern to Online Business: With the increasing speed of Business –toconsumer (B2C) and Business-to-Business(B2B) integrity.Legal and Regularity issues . 4. Availability of information is important to that kind of business that ensures depends that on information. 4. the receiver can detect it [4]. data and Availability accessed computing resources needed by the consumer are reliable.prosecution more difficult [10]. that make a loss of The figure displays the major barriers in the consumer products industry.Lack of trust . 4. There should be a defined level of security access and a depth of information to where a user can get it. The CIA triad model [13] describes Confidentiality Integrity Availability Information that is read or copied by someone that is not authorized to do so is defined as the loss of confidentiality. The survey found that the lack of human resource and the lack of technical knowledge are becoming less of a barrier to developing and implementing e-commerce initiatives in the consumer product industry [9].Technology . E-Commerce can give a company a strong advantage over their competitors while providing greater value and comfort to its customers [1].Security issues . it is not hard to committing crimes without the barriers of distance and time.4 No matter of distance: Computer crimes can be committed a thousand of miles from the held place. 3 .1 CIA Triad Model of security: The confidentiality.

Web server uses this information to know about the browsing habit of the user and displays these kinds of links without the permission of the user.” Jeff Mallet. The more risk arises when a user visits unknown web links that are un trusted. Inc. Cookies are data that are sent back and forth between the web server and client to maintain state between Web connections. Web browser poses risks to the user’s security and privacy of the information. If there is access control the most of attacks are impossible.5.(d) Denial-of-Service attacks [9]. Setting the password to sensitive information can protect the data. Boundaries to the information must be defined. We used various encryption schemes. Security solutions: We can classified various technologies that are used to prevent from stealing the confidential information in online business [9] : (a) Cryptographic technologies (b) Access protection (c) Virus protection tools (d) Other combination of technologies Cryptographic Technologies: Cryptology uses the techniques in which the plain text information is converted in cipher text using various schemes and methods that cannot be read even if the information is hacked. president of Yahoo!. “Bad people do bed things. Access Control and authentication protection: There must be a level of information on that the user can access the information. Hash function and digital certificates [9]. Java Applets gain access to sensitive files on the users’ desktop. Sometimes uploading or downloading of files may cause to make a loophole for secure user systems. Java Applets automatically downloaded from any Web page and run within the user’s Web browser. Firewall can be used for this kind of access controls. Java Applets are considered untrusted code that must be carefully handled. Some Active X controls are placed on the webpage to download the information about the system configurations by downloading itself to user’s machine and after reading its mail files send this information back to the Web server. Control and authentication 4 . Security by Depth: Security can be defined as term in which the information or data is stored in the system cannot be read or compromised by unauthorized users. Threats to security: The online consumer uses the web browser as frontend to make a transaction. Password used after the hacker cross the Firewall or authorization but kept in authentication. Cookies are another web technology that can be used to hack the end users’ privacy. having the lack of knowledge of these links. made that observation in the aftermath of the recent “hacker attack” that sent the world’s largest electronic commerce sites reeling [16]. 6. The notorious Computer Chaos Club out of Germany demonstrate the ability to download a seemingly ActiveX control that in fact scheduled electronic transfer of funds from the users’ account to a numbered Swiss bank account [17]. Moreover there are other kinds of threats with concern to e-commerce security as (a) Unauthorized access (b) Malicious code (c) Financial Fraud such as credit card fraud etc. digital signatures.

In planning.Polymorphic virus analyzers Other combination of Technologies: Including these protection schemes.threat. In first step specifies the policies. E-commerce is still very much in an experimental phase. The second phase is planning. It must be planed to put them together. The third phase is the implementation of the plan. Biometrics can also be used with concern to identifying physiological a person or based on his or her behavioral characteristics. which are unsuccessful and need modification. 7. Review is needed to check the effectiveness of policies. There are five distinct methods identified for fighting against viruses [9]:. planned and implement the plan. whether there are any new threat [1]. Conclusions: E-Commerce is the developing trend of the economic development. This paper does not provide the efficient solution for secure E-commerce but it explores the tools and methods that may be used to make secure. Secure MIME( S/MIME) etc. A safe ecommerce environment made it easy to establish the Biometrics are utilized for authentication and as a result. some protocols are also used for secure the sensitive information as Secure Socket Layer (SSL). PGP. The basic is to prevent the messages (payment. Risk management consist of four phases-assessment. A secure online transaction requires a lot of security concerns. trustful and reliable online business. By means of tolerable threats that have less risk in network. The last phase is monitoring. Third step is to delineate threats in which we find out the origin of 5 . the organization estimated the security risk.Signature scanning anti-virus software .Heuristic anti-virus software . It contains five steps. planning. Network payment relies on the establishment and completeness of electronic online safe trading. order) when there are a lot of barriers due to broad network. The next step is identifying vulnerabilities.Macro virus analyzers . implementation and monitoring [1]. Internet Risk Security Management: Business must determine the themes that are most valuable for them. Monitoring is a continual process that aides in the determination of which technologies are successful. sets of security policies define which threats are tolerable and which are not. SET. Technologies are chosen as defined in planning phase. The final step is to quantify the value of each risk by assigns a value to each risk [1]. And last step is to make the final plan that will be implemented on network. First is to establish the objectives of an organization. Various tools and methods are used to find out the weakness of network. Virus protection tools: Today. there are various kinds of anti-virus and content-filtering software introduced in the market. protects confidentiality and integrity [9]. Basically there are many solutions that are available for secure Internet business but still have to wait for its best use. Second is assets inventory that is to define the tangible and intangible assets. Secure Hyper Text Transmission Protocol(S-HTTP).Integrity checking anti-virus software . Second is establishing processes for auditing and review [1]. This phase also have some steps. During the assessment phase.

[9]. Information Management and Computer Security.” [8]. [5]. ET Al “Keeping E-Business in perspective”.8 page 69-73. ICT-2006 PP 237-240 Feb 09-11. Bob Gehling. no.N. Anup K.Chan.W. 2006 at JMIT. Hostile ActiveX control demonstrate RISK Digest 18(82).K. [16].Ratanshigham “Trust in Web-based Commerce Security”. H. Wright.12 page 45-49.p162166. December. ”E-Commerce security: Weak links.2003 vol. “E-Commerce”. Strader and S. P: 3 – 16. M.Klaus Brunnstein. 142. 1998 vol.2002 vol. [14].2003 April 17. A.no.com. David Stankard “eCommerce Security”. 2003 from Lexis Nexis.isos.Treese “Inernet Security: To worry or not to worry? EDI Forum Journal of Electronic commerce 10(4): 54-58. August.45. Security becomes the most essential concept in Ecommerce and still have more to explore the security weak links. Wiley 2001. smart moves to earn consumer confidence retrieved July19.trust of customer. “The value of seller trustworthiness in C2C online markets”. Anonymous (2003) Special Report. References: [1]. 1998 ISBN-0-47-1922-3-6.Barnes. MA. Insurance Advocate. Computing.Hacker Attackers Raise troubling questions on e-commerce Security Developments. Ghosh “E-Commerce security: No Silver Bullet” IFIP Conference Proceedings. [17]. “ ECommercializing Business Operations” Communication of ACM.h tm [15]. X.2 page 83-87. [3]. G. E T Al Chichester. NY p.Sahi and P.Recent Advances & Applications 6 . Vol. P. authorizationverifying the user has permission to specific data. Overall E-commerce sites need to be concerned with the variety of security issues including: authentication-verifying the participants that are involved in the transactions. Dekker.45. February 1997. RockLand. [4].37 [2]. 1998 [11]. “Security Research on Payment System on E-Commerce Network.123 [12]. T. Feb19. New York NY.1997 [13].Colman. Radaur Yamuna Nagar [10]. 2005.Gosh.my/ecommerce/b2b.http://www. Zinkewiez Phil 2000. no.2002. Ramaswami.46. Chander Kant. Ji Zaho. [6].C. Communication of ACM.2002 vol. T. ET Al “Hack proofing your wireless networks” Syngress Publishing.15.6. P: 32 . John Wiley & Sons. Feburary. security. Information security curriculum development Proceedings of the 2nd annual conference on Information security curriculum development.(1997) The Frorlich/ Kent Encyclopedia of Telecommunications vol. no.4. Best Defenses”.J. [7]. Rajender Nath "Off-line Optical Frustrated Total Internal Reflection" Published in the proceedings of National Seminar on “Information and Communication Technology. C. Communication of ACM.

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->